This invention relates to a storage device employed as an external storage device and the like of computers, etc., and more particularly to a storage device which stores data in an encrypted form.
As the computer technology is advancing, the necessity to protect any top secret information increases. Thus, the importance of the encryption technique, for encrypting and storing data and transmitting the data, has been enhanced. For example, in this encryption technique, an encrypting key is stored in a storage device, data is encrypted using this stored encrypting key and stored in a memory, and the data read out from the memory is decrypted using this encrypting key.
In a case where such an encrypting key is common to all storage devices, if the encrypting key of one single storage device is leaked, the encrypting keys of all other mass-produced storage devices are leaked as well. This may lead to the possibility of deciphering the stored data.
Different encrypting keys may be set for the respective storage devices; however, this increases the number of manufacturing processes and the manufacturing cost of the storage devices.
A technique for encrypting the whole data on the computer so as to store the data in a memory card, and decrypting the data read out from the memory card on the computer, is also known. According to this method, if communications between the computer and the storage device are monitored, the encrypting key may be leaked.
This invention has been made in consideration of the above facts. It is accordingly an object of this invention to provide a storage device which has a function for encrypting and decrypting data and wherein top secret information, such as an encrypting key or the like, is unlikely to be leaked.
Another object thereof is to provide a storage device whose encrypting key can not be leaked out, even if another encrypting key corresponding to another storage device is leaked out.
In order to achieve the above-described objects, a storage device for storing data, according to the first aspect of this invention, may comprise:
a rewritable non-volatile memory (11) storing data; and
controlling means (12) for accessing said non-volatile memory, and said storage device being characterized in that:
a first encrypting key is stored in said non-volatile memory, a second encrypting key is stored in said controlling means and the first encrypting key is encrypted using the second encrypting key; and
said controlling means includes
key decrypting means (12) for decrypting the first encrypting key using the second encrypting key,
writing means (12) for encrypting data using the first encrypting key decrypted by said key decrypting means, and writing the encrypted data in said non-volatile memory, and
reading means (12) for reading out data from said non-volatile memory, and decrypting the read data using the first encrypting key which is decrypted by said key decrypting means.
According to this storage device, the first and second encrypting keys are employed and are separately stored. The first encrypting key is encrypted with the second encrypting key. Thus, as compared to the case where there is only one encrypting key, there is less possibility that such encrypting keys are leaked out. Hence, data is unlikely to be stolen.
Particularly, because the first encrypting key is stored in the rewritable non-volatile memory, the first encrypting key may be prepared uniquely for each device or for every certain number of devices. Therefore, even if the second encrypting key is leaked, it is difficult to decipher the entire data stored in all storage devices.
The non-volatile memory is provided in order to store data. Thus, even if the first encrypting key is stored therein, there is no increase in cost.
The second encrypting key is common to a plurality of storage devices, and the first encrypting key is an encrypting key common to a part of said storage devices each storing the same second encrypting key or individually prepared for each of the storage devices storing the same second encrypting key. According to this structure, different encrypting keys may be prepared respectively for various devices.
The non-volatile memory may include a flash memory (11); and
the controlling means may include a mask ROM (Read Only Memory) (15) storing the second encrypting key. The mask ROM is suited to mass production, thus the memory holding data including the second encrypting key can be manufactured at low rates. On the other hand, the flash memory is rewritable, so that different first encrypting keys can be prepared for the respective devices or for every certain number of devices, and can be recorded therein.
A password may be retrieved, and the encrypted first encrypting key may be decrypted only in a case where a proper password is input. In this case, the first encrypting key may be encrypted with the third encrypting key which is generated based on the second encrypting key and a password, and may be stored in said non-volatile memory; and the key decrypting means may include
means for inputting the password,
means for generating a third encrypting key based on the input password, and
means (16) for decrypting the encrypted first encrypting key using the second encrypting key and the generated third encrypting key.
The key decrypting means may include a decrypting program and means (16) for executing the decrypting program; and
the decrypting program may be stored in said non-volatile memory. According to this structure, the encrypting program in accordance with the password may appropriately be recorded in the non-volatile memory.
The key decrypting means, the writing means and said reading means may store the decrypted first encrypting key in, and include, a volatile memory (13) which is protected from any external access. The decrypted first encrypting key may be stored in a RAM (Random Access Memory), etc., and used. If the storage contents of the RAM could be read out externally, the data stored in the non-volatile memory could be deciphered. Thus, it is preferred that the volatile memory be protected from any external access.
Said non-volatile memory may include a flash memory (11).
The controlling means may include key generation means (16) for generating the first encrypting key, encrypting the generated first encrypting key using the second encrypting key, and storing the encrypted first encrypting key in said non-volatile memory. According to this structure, the storage device itself generates the first encrypting key and uses it in encrypting/decrypting data.
The key generation means may generate the first encrypting key based on an input password. According to this structure, it becomes even harder to identify the first encrypting key.
The second encrypting key may be an encrypting key common to the plurality of storage devices. According to this structure, the controlling means may include a mask ROM storing the encrypting key common to the plurality of devices, thereby reducing the cost.
A storage device according to the second aspect of this invention may comprise:
a rewritable non-volatile memory (11) storing a first encrypting key and data; and
controlling means (12) for storing a second encrypting key and accessing said non-volatile memory, and said storage device being characterized in that said controlling means includes
writing means (16) for encrypting data using the first and second encrypting keys, and writing the data into said non-volatile memory, and
reading means (16) for reading data from said non-volatile memory and decrypting the read data using the first and second encrypting keys, and outputting the data.
According to this structure, the data stored in the non-volatile memory is encrypted using a plurality of encrypting keys. Hence, unless both encrypting keys are leaked, the data stored in the non-volatile memory can not be decrypted. Therefore, as compared to the case where a single encrypting key is employed, top secret information may securely be stored in this structure.
Moreover, the two encrypting keys are stored separately from each other in different positions in the storage devices, thus it is difficult to identify the encrypting keys.
For example, the second encrypting key may be an encrypting key common to a plurality of storage devices, and may be stored in a read-only memory which is arranged in said controlling means; and
the first encrypting key may be an encrypting key which is individually prepared or which is common to a part of the plurality of storage devices having the common second encrypting key.
Having stored the first encrypting key in the rewritable non-volatile memory, different first encrypting keys may respectively be prepared for the storage devices, for example. Having stored the second encrypting key common to the plurality of storage devices respectively in their read-only memory, the memory storing the second encrypting key may be mass-produced.
For example, the non-volatile memory may include a flash memory (11); and
said controlling means may include a mask ROM (Read Only Memory) (15) which stores the second encrypting key.
A storage device according to the third aspect of the present invention may comprise:
encrypting key storage means (11) for storing an encrypted encrypting key;
a rewritable non-volatile memory (11) which stores encrypted data using the encrypting key;
controlling means which includes
decrypting means (16) for decrypting the encrypting key,
a volatile memory (13) which stores the encrypting key decrypted by said decrypting means,
writing means (16) for encrypting externally-sent data using the encrypting key stored in said volatile memory and for writing the data in said non-volatile memory,
reading means (16) for reading data from said non-volatile memory, decrypting the read data using the encrypting key stored in said volatile memory, and outputting the data; and
prohibition means (16, 22, IDB, 25) for prohibiting any external access to said volatile memory, and said storage device being characterized in that the decrypted encrypting key is protected from any external access.
The encrypting key is stored in encrypted form, but is decrypted when it is to be used and is then held in the volatile memory. Therefore, accessing this volatile memory and reading out data therefrom could leak the encrypting key. According to this invention, however, any external access to the volatile memory is prohibited by the prohibition means, thus preventing such leaking of the key.
The prohibition means may, for example, include casing means (25) for casing said controlling means and an internal bus (IDB), which is cased in said casing means and which transmits data between said volatile memory and said decrypting means. According to this structure, the volatile memory is not accessible, thus any direct external access can not be made to this volatile memory. The bus between the decrypting means and the volatile memory is closed in, so it is also difficult to probe the data on the bus so as to determine the encrypting key.
It is preferred that the internal bus be formed independently from a data bus (DB), which transmits the encrypted encrypting key between said encrypting key storage means and said decrypting means and which transmits encrypted data between said writing means, said reading means and said non-volatile memory, and that said device be so formed that the decrypted encrypting key is not output onto said data bus. According to this structure, the encrypting key can be prevented from being monitored by probing the bus which extends externally from the storage device.
The prohibition means may include unsealing detection means (16, 22) for detecting that the storage device is unsealed, and means (16) for erasing contents of said non-volatile memory when said unsealing detection means (16, 22) detects the unsealing of the storage device. According to this structure, any improper access to the non-volatile memory or the volatile memory can be prohibited.
A storage device according to the fourth aspect of the present invention may comprise:
a non-volatile memory (11);
key generation means (16) for generating a first encrypting key;
key storage means (15) for storing a second encrypting key;
writing means (16) for encrypting data using the first encrypting key generated by said key generation means and the second encrypting key stored in said key storage means, and writing the data into said non-volatile memory; and
reading means (16) for reading data from said non-volatile memory, decrypting the data using the first and second encrypting keys, and outputting the decrypted data.
According to this structure, the storage device itself can generate the first encrypting key. If the encrypting key is generated based on the user password, etc., different encrypting keys can be prepared for the respective storage devices. Thus, it becomes extremely difficult to decipher the encrypting key, enhancing the reliability of the system.
The key generation means may include means for storing the generated first encrypting key in said non-volatile memory; and said writing means and said reading means may use the first encrypting key stored in said non-volatile memory. According to this structure, at the time of data formatting, for example, the first encrypting key is generated and stored in the non-volatile memory. This first encrypting key is used again, thus achieving high speed operations.
The first encrypting key may be generated based on an input password. With such a structure, identification of the first encrypting key is hardly accomplished.
The second encrypting key may, for example, be an encrypting key common to a plurality of storage devices, and may be stored in said key storage means including a read-only memory. According to this structure, the encrypting key common to the plurality of devices can be made with the mask ROM, permitting a cost reduction.
A storage device according to the fifth aspect of the present invention may comprise:
first encrypting key storage means (11) for storing a first encrypting key;
second encrypting key storage means (15) for storing a second encrypting key;
third encrypting key storage means (15) for storing a third encrypting key;
writing means (16) for encrypting data using the first to third encrypting keys stored in said first to third encrypting key storage means, and writing the encrypted data in a non-volatile memory; and
reading means (16) for reading data from the non-volatile memory, decrypting the read data using the first to third encrypting keys, and outputting the data, and said storage device being characterized in that the first to third encrypting keys are separately arranged.
According to this structure, if three or more encrypting keys are employed, and are stored separately from one another, it becomes very difficult to decipher the encrypting keys.
An encrypting/decrypting device according to the sixth aspect of the present invention may comprise:
a rewritable non-volatile memory (11) in which a first encrypting key is stored;
a read-only memory (15) in which a second encrypting key is stored;
encrypting means (16) for encrypting data using the first and second encrypting keys and outputting the data; and
decrypting means (16) for decrypting the encrypted data using the first and second encrypting keys and outputting the data.
According to this structure, the encrypting and decrypting of data can be performed using two encrypting keys. Besides, the second encrypting key common to a plurality of devices can be stored in the read-only memory, and individual encrypting keys can be stored in the non-volatile memory.
An accessing method of accessing a non-volatile memory, according to the seventh aspect of the present invention may comprise:
storing in a read-only memory a common encrypting key which is common to a plurality of devices;
encrypting with the common encrypting key individual encrypting keys unique to each of the plurality of devices, and storing the encrypted individual encrypting keys in a rewritable non-volatile memory;
decrypting the individual encrypting keys using the common encrypting key, encrypting data using the decrypted individual encrypting keys, and writing the encrypted data into the non-volatile memory, when writing data into the non-volatile memory; and
decrypting the individual encrypting keys using the common encrypting key, decrypting data read out from the non-volatile memory using the decrypted individual encrypting keys, and outputting the decrypted data, when reading data from the non-volatile memory.
According to this accessing method of accessing the storage device, as compared to the case where only one encrypting key is prepared, the encrypting keys are unlikely to be leaked out, thus the data is unlikely to be stolen and the increase in the cost is unlikely to occur as well.
The individual encrypting keys may be decrypted only when a predetermined password is input. In this case, the individual encrypting keys are encrypted with the common encrypting key and a third encrypting key generated based on a password, and are stored in the non-volatile memory, and the method may further comprise inputting the password, generating the third encrypting key based on the input password, and decrypting the individual encrypting keys using the common encrypting key and the generated third encrypting key.
The common encrypting key and the decrypted individual encrypting keys may be protected from any external access.
According to this structure, the reliability of the system can be enhanced.
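The accessing method of the seventh aspect, together with the password option described for the first aspect, can be modelled as follows. This is an added sketch, not code from the patent: the HMAC-SHA256 stand-in cipher, the use of PBKDF2 to derive the third key, and all class, function and field names are assumptions of this example, and the keys and passwords are constructed sample values.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in cipher, an assumption).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))

class StorageDevice:  # hypothetical model of the controller (12)
    def __init__(self, rom_key):
        self._rom_key = rom_key   # second key: common, mask ROM (15)
        self.flash = {}           # flash (11): assume an attacker can dump this
        self._ram_key = None      # decrypted first key: volatile memory (13) only

    def _third_key(self, password):
        # Third key from second key + password (PBKDF2 is this example's choice).
        salt = self._rom_key + self.flash["salt"]
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def provision(self, password):
        # Key generation: per-device first key, stored only in wrapped form.
        self.flash["salt"] = secrets.token_bytes(16)
        self.flash["wrapped_first_key"] = seal(self._third_key(password), secrets.token_bytes(32))

    def unlock(self, password):
        self._ram_key = unseal(self._third_key(password), self.flash["wrapped_first_key"])

    def write(self, name, data):
        if self._ram_key is None:
            raise PermissionError("device locked")
        self.flash[name] = seal(self._ram_key, data)

    def read(self, name):
        if self._ram_key is None:
            raise PermissionError("device locked")
        return unseal(self._ram_key, self.flash[name])

def demo():
    rom = secrets.token_bytes(32)            # constructed common key
    a, b = StorageDevice(rom), StorageDevice(rom)
    a.provision("pw-A"); b.provision("pw-B"); a.unlock("pw-A"); b.unlock("pw-B")
    a.write("rec", b"top secret")
    return a, b, rom
```

Two devices built from the same ROM key end up with unrelated first keys, so the decrypted key of one device does not open records dumped from the other's flash, and the common key alone does not unwrap the stored first key.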